:OTL
IE - HKU\S-1-5-21-2040104858-1137319690-259103099-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2040104858-1137319690-259103099-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O33 - MountPoints2\{6d695c68-9ad1-11df-b2be-00262d932088}\Shell - "" = AutoRun
O33 - MountPoints2\{6d695c68-9ad1-11df-b2be-00262d932088}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{79ad97ec-2b1a-11df-885b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79ad97ec-2b1a-11df-885b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O33 - MountPoints2\{a2744cf9-9ad3-11df-9424-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a2744cf9-9ad3-11df-9424-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a2744d1e-9ad3-11df-9424-00262d932088}\Shell - "" = AutoRun
O33 - MountPoints2\{a2744d1e-9ad3-11df-9424-00262d932088}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cffa1a19-a690-11df-926f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cffa1a19-a690-11df-926f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{cffa1a41-a690-11df-926f-00262d932088}\Shell - "" = AutoRun
O33 - MountPoints2\{cffa1a41-a690-11df-926f-00262d932088}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011/11/30 23:01:08 | 000,000,456 | ---- | M] () -- C:\ProgramData\qKW86BvAZ9o0oz
[2011/11/30 22:59:31 | 000,000,312 | ---- | M] () -- C:\ProgramData\~qKW86BvAZ9o0oz
[2011/11/30 22:59:31 | 000,000,216 | ---- | M] () -- C:\ProgramData\~qKW86BvAZ9o0ozr
[2011/11/30 22:54:12 | 000,000,456 | ---- | C] () -- C:\ProgramData\qKW86BvAZ9o0oz

:files
ipconfig /flushdns /c
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[Reboot]